Connecting to a 3rd Computer-Delegation

When you run a script on Computer A that obtains data from Computer B, WMI is supplying your credentials to the
provider of the data on Computer B. This requires only an impersonation level of
Impersonate because only one network hop is required. However, if the script connects to
WMI on Computer B and attempts to open a log file on Computer C, then the script fails unless the impersonation
level is Delegate. Delegate impersonation level is required by
any operation that involves more than one network hop. For more information about DCOM security in WMI, see
Setting Client Application Process Security.
For more information about a one-network hop connection between two computers, see
Connecting to WMI on a Remote Computer.

The following procedure describes how to connect a computer to other computers.

To connect a computer to other computers

Enable delegation in Active Directory (Active Directory Users and Computers in
Control Panel\Administrative Tasks) on the domain controller. The account on Computer B must be
marked as Trusted for delegation and the account on Computer A must not be marked as
Account is sensitive and cannot be delegated. Computer A, Computer B, and the domain
controller must be members of the same domain or in trusted domains.

Note: Using delegation is a security risk because it gives processes outside of your direct control the ability
to use your credentials.
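
The following PowerShell is an added example, not part of the original page. It checks the two Active Directory settings named in the procedure before a script relies on the Delegate impersonation level, then lists every computer account that is trusted for delegation so the exposure described in the note can be reviewed. Computer_B is a placeholder, the caller is assumed to be the user account running the script on Computer A, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example (not from the original page). Placeholders: Computer_B, the caller name.
# Requires the RSAT ActiveDirectory module on a domain-joined machine.
Import-Module ActiveDirectory

# userAccountControl bits behind the two settings named in the procedure
$TRUSTED_FOR_DELEGATION = 0x80000    # "Trusted for delegation"
$NOT_DELEGATED          = 0x100000   # "Account is sensitive and cannot be delegated"

function Test-DelegationPrereq {
    param(
        [Parameter(Mandatory)] [string] $MiddleComputer,  # Computer B
        [Parameter(Mandatory)] [string] $CallerAccount    # assumed: user running the script on Computer A
    )
    $b = Get-ADComputer -Identity $MiddleComputer -Properties userAccountControl
    $a = Get-ADUser     -Identity $CallerAccount  -Properties userAccountControl
    $trusted   = [bool]($b.userAccountControl -band $TRUSTED_FOR_DELEGATION)
    $sensitive = [bool]($a.userAccountControl -band $NOT_DELEGATED)

    [pscustomobject]@{
        MiddleComputer       = $b.Name
        TrustedForDelegation = $trusted
        CallerAccount        = $a.SamAccountName
        CallerIsSensitive    = $sensitive
        # Delegate can only succeed when B is trusted and the caller is not protected
        PrereqsMet           = $trusted -and -not $sensitive
    }
}

Test-DelegationPrereq -MiddleComputer 'Computer_B' -CallerAccount $env:USERNAME | Format-List

# Inventory for review: every computer account with "Trusted for delegation" set.
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule; 524288 = 0x80000.
# Domain controllers carry this flag by default, so expect them in the output.
Get-ADComputer -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=524288)' `
    -Properties userAccountControl |
    Select-Object Name, DistinguishedName |
    Sort-Object Name
```

Any computer in the inventory other than a domain controller is a host that can reuse the credentials of users who connect to it, so the list is worth keeping short and reviewing whenever delegation is enabled for a new script.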